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DETAILED ACTION 



1, 



Claims 1 



25 are pending for examination. 



2. Claims 1- 25 are rejected. 

Claim Rejections - 35 USC §102 
The following is a quotation of the appropriate paragraphs of 35 U.S. C 102 that form the 
basis for the rejections under this section made in this Office action: 



A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed pubhcation in this or a foreign country or in pubhc use or on 
sale in this country, more than one year prior to the date of apphcation for patent in the United States. 



3. Claims 1-25 are rejected under 35 U.S.C. 102(b) as being anticipated by Devine et al, 
U.S. Patent 6,598,167 B2, 



2,lines 55-col. 3, line 8, col. 5, lines 57-col. 6,line 3], comprising: upon loading a class, 
determining whether a signature in the given file type applies to the class [col. 6,lines 13-33,39- 
62, col. 14,lines 53-coL 16,line 33, figure 7 and accompanying description]; if so, executing a 
verification procedure to verify the signature and the identity of a signer that generated the 
signature [col. 8,lines 31-60, col. 12,lines 16-col. 14,line 39]; following a successful verification, 
determining whether the signer is identified in a policy entry [col 16,lines 47-56]; and if the 
signer is identified in the policy entry, populating a permission set for the class [col. 16,lines 47- 
coL 17,line 8]."; 

Further, as per claim 1 1; "A method for executing a signed applet packaged in a given 
file [col. 2,lines 55-coL 3,line 8, col. 5,lines 57-col. 6,line 3], comprising: upon loading each 



4. 



As per claim 1; "A method for executing a signed applet packaged in a given file [col. 
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class, determining whether any signatures in the given file applies to the class [col. 6,lines 13- 
33,39-62, col. 14,lines 53-col. 16,line 33, figure 7 and accompanying description]; if so, 
executing a verification procedure to verify the signature and the identity of a signer that 
generated the signature [col. 8,lines 31-60, col. 12,lines 16-col. 14,line 39]; following a 
successful verification, determining whether the signer is identified in a policy entry [col. 
16,lines 47-56]; if the signer is identified in the policy entry, awarding the class a permission as 
identified in the policy entry; and responsive to a request that requires a permission, using the 
permission set for the class to determine whether the class has the permission [col. 16,lines 47- 
col. 17,line8]."; 

Further, as per claim 17; "A computer program product [This claim is software embodied 
on a computer readable memory claim for the method claim 1 above, and is rejected for the same 
reasons provided for the claim 1 rejection] including computer usable code for use in a Java 
runtime environment (JRE), comprising: an applet class loader for loading a set of applet classes 
archived in a signed file; a set of signature engine classes for verifying applet class signatures; 
and a security manager class callable by the applet class loader upon receipt of an initial request 
that requires a given permission and, in response thereto invoking a policy file class that verifies 
a signer based on the existence of a matching certificate in a set of keystores."; 

Further, as per claim 22; "A system [This claim is apparatus (system) claim for the 
method claim 1 above, and is rejected for the same reasons provided for the claim 1 rejection], 
comprising: a browser; a Java runtime environment; a set of keystores; an applet class loader for 
loading a set of applet classes archived in a signed file; a set of signature engine classes for 
verifying applet class signatures; and a security manager class callable by the applet class loader 
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upon receipt of an initial request that requires a given permission and, in response thereto, 
invoking a poHcy file class that verifies a signer based on the existence of a matching certificate 
in the set of keystores.". 



5. Claim 2 additionally recites the limitation that; "[The method as described in Claim 1] 
wherein the signature is verified using a given algorithm used to sign the applet.". The teachings 
of Devine et al suggest such limitations (col. 12,lines 9-54, figure 7,10-12 and accompanying 
description); 

Further, as per claim 23 additionally reciting the limitation that; "[The system (This 
claim is apparatus (system) claim for the method claim 2 above, and is rejected for the same 
reasons provided for the claim 2 rejection) as described in Claim 22] wherein at least one 
signature engine verifies signatures using a given algorithm used to sign the applet.". 



6. Claim 3 additionally recites the limitation that; "[The method as described in Claim 2] 
wherein the given algorithm is selected from the set of algorithms consisting of DSA/SHAl, 
RSA/MD5 and RSA/SHAl.". The teachings of Devine et al suggest such limitations (col. 
ll,lines 63-col. 12,line 16, col. 20,lines 49-coL 21,line 16, col 22,lines 20-45, col 23,lines 50- 
col. 24,line 19, whereas the use of HTTPS being the combination of HTTP+SSL, such that SSL 
is defined to use MD5, SHA-1, HMAC, etc., for the digital signature and digest functions); 

Further, as per claim 18 additionally reciting the limitation that; "[The computer program 
product (This claim is software embodied on a computer readable memory claim for the method 
claim 3 above, and is rejected for the same reasons provided for the claim 3 rejection) as 
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described in Claim 17] wherein the set of signature engine classes includes a DSA/SHAl class, 
an RSA/MD5 class, and a RSA/SHAl class.". 



7. Claim 4 additionally recites the limitation that; "[The method as described in Claim 1] 
wherein the step of populating the permission set for the class awards the class a permission as 
specified in the policy entry.". The teachings of Devine et al suggest such limitations (col. 
16,lines47-col. 17,line 8); 

Further, as per claim 24 additionally reciting the limitation that; "[The system (This 
claim is apparatus (system) claim for the method claim 4 above, and is rejected for the same 
reasons provided for the claim 4 rejection) as described in Claim 22] further comprising means 
for populating a permission set for the class, wherein the class is awarded a permission as 
specified in a policy entry in a database managed by the security manager class.". 



8. Claim 5 additionally recites the limitation that; "[The method as described in Claim 1] 
further including the steps of determining whether the applet has made a request that requires 
permission; and if so, using the permission set of the class to determine whether the class has the 
permission.". The teachings of Devine et al suggest such limitations (col. 16,lines 47-col. 17,line 

8, col. 18,lines 13-col. 19,line 51, col. 27,lines 44-col. 28,line 23, col. 28,line 62-col. 29,line 12,). 

9. Claim 6 additionally recites the Umitation that; "[The method as described in Claim 5] 
further including the step of responding to the request if the class has the permission.". The 
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teachings of Devine et al suggest such Hmitations (col. 16,lines 47-col. 17,Hne 8, col. 18,lines 13- 
col. 19,nne 51, col. 27,lines 44-col. 28,line 23, col. 28,line 62-coL 29,line 12,); 

Further, as per claim 12 additionally reciting the limitation that; "[The method as 
described in Claim 1 1] further including the step of responding to the request if the class has the 
permission.". The teachings of Devine et al suggest such limitations (col. 16,Hnes 47-col. 17,line 
8, col. 18,lines 13-coL 19,line 51, col. 27,nnes 44-col. 28,line 23, col. 28,line 62-col. 29,line 12,). 



10. Claim 7 additionally recites the limitation that; "[The method as described in Claim 1] 
wherein the step of verifying the identity of the signer verifies that the signer is in a default 
certificate database and that a certificate of the signer has not expired.". The teachings of Devine 
et al suggest such limitations (col. 6,lines col. 8,lines 31-60, col. 12,lines 16-col. 14,line 39, col. 
16,lines 47-col. 17,line 8, col. 18,lines 13-col. 19,Hne 51, col. 27,lines 44-col. 28,line 23, col. 
28,line 62-col. 29,line 12, col. 29,lines 50-col. 30,Hne 13); 

Further, as per claim 13 additionally reciting the limitation that; "[The method as 
described in Claim 11] wherein the step of verifying the identity of the signer verifies that the 
signer is in a default certificate database and that a certificate of the signer has not expired.". The 
teachings of Devine et al suggest such limitations (col. 16,lines 47-col. 17,line 8, col. 18,lines 13- 
col. 19,line 51, col. 27,lines 44-col. 28,line 23, col. 28,line 62-col. 29,line 12, col. 29,lines 50- 
col. 30,line 13). 



11. Claim 8 additionally recites the limitation that; "[The method as described in Claim 1] 
wherein the step of verifying the identity of the signer verifies that the signer contains a 
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certificate chain to a trusted certificate authority, that each certificate in the certificate chain 
contains a signature that can be verified by a given key, and that each certificate in the 
certification chain has not expired.". The teachings of Devine et al suggest such Hmitations (col. 
6,lines col. 8,lines 31-60, col. 12,lines 9-col. 14,line 39, col. 16,lines 47-col. 17,line 8, col. 
18,lines 13-col. 19,line 51, col. 27,lines 44-col. 28,line 23, coL 28,line 62-col. 29,line 12, col. 
29,lines 50-col. 30,line 13); 

Further, as per claim 14 additionally reciting the limitation that; "[The method as 
described in Claim 11] wherein the step of verifying the identity of the signer verifies that the 
signer contains a certificate chain to a trusted certificate authority, that each certificate in the 
certificate chain contains a signature that can be verified by a given key, and that each certificate 
in the certification chain has not expired.". The teachings of Devine et al suggest such limitations 
(col. 6,lines col. 8,lines 31-60, col. 12,lines 9-col- 14,line 39, col. 16,lines 47-coI. 17,line 8, col. 
18,lines 13-col. 19,line 51, col. 27,lines 44-col. 28,line 23, col. 28,line 62-col. 29,line 12, col. 
29,lines 50-col. 30,line 13). 



12. Claim 9 additionally recites the limitation that; "[The method as described in Claim 1] 
wherein the given file is selected fi*om the set of file types consisting of a first signed jar file, a 
second signed jar file, and a signed cab file.". The teachings of Devine et al suggest such 
limitations (col. 6,lines 13-33,39-62, col. 14,lines 53-col. 16,line 33, figure 7 and accompanying 
description); 

Further, as per claim 15 additionally reciting the limitation that; "[The method as 
described in Claim 11] wherein the given file is selected fi-om the set of file types consisting of a 
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first signed jar file, a second signed jar file, and a signed cab file The teachings of Devine et al 
suggest such limitations (col. 6,lines 13-33,39-62, coL 14,lines 53-coL 16,line 33, figure 7 and 
accompanying description); 

Further, as per claim 20 additionally reciting the limitation that; "[The computer program 
product (This claim is software embodied on a computer readable memory claim for the method 
claim 9 above, and is rejected for the same reasons provided for the claim 9 rejection) as 
described in Claim 17] wherein the applet classes are archived in a jar file."; 

Further, as per claim 21 additionally reciting the limitation that; "[The computer program 
product (This claim is software embodied on a computer readable memory claim for the method 
claim 9 above, and is rejected for the same reasons provided for the claim 9 rejection) as 
described in Claim 17] wherein the applet classes are archived in a cab file."; 

Further, as per claim 25 additionally reciting the limitation that; "[The system (This 
claim is apparatus (system) claim for the method claim 9 above, and is rejected for the same 
reasons provided for the claim 9 rejection) as described in Claim 22] wherein the signed file is 
selected fi*om the set of file types consisting of a first signed jar file, a second signed jar file, and 
a signed cab file.". 



13. Claim 10 additionally recites the limitation that; "[The method as described in Claim 1] 
wherein the signed applet is executable in a given one of a set of different browser types.". The 
teachings of Devine et al suggest such limitations (col 6,lines 13-33,39-62, col. 14,Iines 53-col. 
16,line 33, figure 7 and accompanying description); 
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Further, as per claim 16 additionally reciting the Hmitation that; "[The method as 
described in Claim 1 1] wherein the signed applet is executable in a given one of a set of different 
browser types.". The teachings of Devine et al suggest such limitations (col. 6,lines 13-33,39-62, 
col. 14,lines 53-col. 16,line 33, figure 7 and accompanying description). 

14. Claim 19 additionally recites the limitation that; "[The computer program product as 
described Claim 17] wherein the applet class loader is invoked by a Java Plug-in of the Java 
runtime environment.". The teachings of Devine et al suggest such limitations (col. 6,lines 13- 
33,39-62, col. 14,lines 53-col. 16,line 33, figure 7 and accompanying description). 



15. Any inquiry concerning this communication or earlier communications from examiner 
should be directed to Ronald Baum, whose telephone number is (703) 305-4276. The examiner 
can normally be reached Monday through Friday from 8:00 AM to 5:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh, can be reached at (703) 305-9648. The Fax numbers for the 
organization where this application is assigned are: 
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Non-Ofificial/Draft (703) 746-7246 



Official 



(703) 746-7239 




Ronald Baum 



SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



